[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DSA-187 and DSA-188 apache - several vulnerabilities and testing



Good day,

I'm checking testing against 2002 DSAs (for woody) with Joeh Hess.

I'm not sure with DSA-187 [1] and DSA-188 [2] (sames security problems, one for
apache and another one for apache-ssl)

I know that CAN-2002-0839, CAN-2002-0840, CAN-2002-0843 are fixed in
unstable since apache 1.3.27-0.1

I believe CAN-2001-0131 and CAN-2002-1233 are fixed with the following
patches in apache debian packages :
901_security_htdigest_tempfiles
902_security_htpasswd_tempfiles

Could you confirmme this?

both DSA also mentionned buffer overflows in ApacheBench :

| NO-CAN: Several buffer overflows have been found in the ApacheBench (ab)
| utility that could be exploited by a remote server returning very long
| strings.

Do you know if theses are fixed in testing package?

Thanks for your help.

[1] http://www.debian.org/security/2002/dsa-187
[2] http://www.debian.org/security/2002/dsa-188
-- 
Djoumé SALVETTI

Attachment: pgpxX8twfRPKY.pgp
Description: PGP signature


Reply to: